CiscoSecurity / fp-05-microsoft-sentinel-connector

Firepower Connector for Microsoft Sentinel

encore.sh foreground error #5

Open tklose opened 2 years ago

tklose commented 2 years ago

After a successful encore.sh test, I am seeing this error with the encore.sh foreground command. I tried stopping the encore to reset the PID file but it still occurs. It seems that data is being received at Azure Sentinel. I did not set an outputter setting, as that seemed to break things more. How do I resolve this?

```text
  File "./estreamer/service.py", line 180, in main
    self.start( reprocessPkcs12 = args.pkcs12 )
  File "./estreamer/service.py", line 140, in start
    pidFile.create()
  File "/home/username/fp-05-microsoft-sentinel-connector/estreamer/pidfile.py", line 38, in create
    raise estreamer.EncoreException('PID file already exists')
estreamer.exception.EncoreException: PID file already exists

  File "./estreamer/service.py", line 198, in <module>
    Service().main()
  File "./estreamer/service.py", line 184, in main
    self.logger.error(ex)
  File "/home/username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 100, in error
    self.log(logging.ERROR, data)
  File "/home//username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 69, in log
    data = self.serialise( data )
  File "/home//username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 35, in serialise
    message = data.__class__.__name__ + ': ' + data.message
AttributeError: 'EncoreException' object has no attribute 'message'
```

rraj1996 commented 2 years ago

Hi @tklose ,

Were you able to fix this?

Regards

tklose commented 2 years ago

This was not resolved. We tried modifying the config file, rolling it back, and editing our syslog server setting. Every time you use the encore.sh foreground command it will always throw an error. However, we are receiving the logs at Azure Sentinel....

We are not using any outputter setting, although we tried.


thinkdreams commented 1 year ago

If you're using the Python3 branch, see below my notes. This is from Cisco TAC after I had a call with them today:

Well, after much ado with Cisco TAC - I had a call with their devs today. Finally I now understand why things weren't working for me at least - and I'm hoping this is the fix for you guys as well.

Basically, Cisco's been updating the main repo, not the python3 branch. The main repo is now using python3 (and not python2 as was expected). The main branch works after I reinstalled it and ran it in the foreground. Going to do more testing, but data is flowing now.

Cisco stated they would be updating this repo and removing the python3 branch entirely to avoid confusion.

rraj1996 commented 1 year ago

Thank you Craig, for the information.
